System and method for securing data within a storage system

ABSTRACT

According to the present invention, there is provided a system for securing data within a storage system. The system includes at least one storage device. In addition, the system includes a security mechanism for recognizing an attempt to insert or remove the storage device. Moreover, the system includes a management unit to control the insertion and removal of the storage device.

FIELD OF THE INVENTION

This present invention relates generally to data security, and, in particular, to securing data within a system such that the data cannot be contaminated, lost, or leaked from the system even when data storage devices such as disk drives are removed from or added to the system.

BACKGROUND OF THE INVENTION

Storage systems are utilized to process and store sensitive data. This sensitive data includes medical records, financial data and even details of weapons simulations. Such data must be securely managed so that it is not contaminated, lost, or improperly leaked. Currently, such data is stored on data storage devices (e.g., disk drives) which tend to be readily replaceable to facilitate repair, failure, and migration to faster, cheaper and larger devices.

The ability to remove devices from the system means that data in the system could become vulnerable when a device is removed. This vulnerability could increase the risk of privacy law violations and/or increase the likelihood that sensitive data will be released.

Furthermore, when storage devices are removed improperly, data stored in the system could be lost. For example, if two disks are removed from a RAID-5 disk array, the data stored in the array will be lost. The removal could be done out of malice or human error. In either case the resulting cost can be enormous. A typical ten hour restore from backup could cost millions of dollars, and cause serious harm to a company.

Moreover, inserting devices into a system could introduce contamination such as foreign data and even viruses. For example, in a system that enforces the WORM (Write Once Read Many) property on rewritable disks, allowing the disks to be removed and inserted back into the system could circumvent the enforcement of the WORM property and cause the system to become contaminated with rewritten data.

SUMMARY OF THE INVENTION

According to the present invention, there is provided a system for securing data within a storage system. The system includes at least one storage device. In addition, the system includes a security mechanism for recognizing an attempt to insert or remove the storage device. Moreover, the system includes a management unit to control the insertion and removal of the storage device.

Also, according to the present invention, there is provided a method for securing data within a storage system. The method includes recognizing an attempt to insert or remove a storage device from a storage system. In addition, the method includes controlling the insertion and removal of the storage device from the storage system.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram of a storage system.

FIG. 2 is a flowchart illustrating a method of attempting to insert a storage device into a storage system.

FIG. 3 is a flowchart illustrating a method of attempting to remove a storage device from a storage system.

DETAILED DESCRIPTION

The invention will be described primarily as a system and method for securing data within a storage system. In the following description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the present invention. It will be evident, however, to one skilled in the art that the present invention may be practiced without these specific details.

Those skilled in the art will recognize that an apparatus, such as a data processing system, including a CPU, memory, I/O, program storage, a connecting bus and other appropriate components could be programmed or otherwise designed to facilitate the practice of the invention. Such a system would include appropriate program means for executing the operations of the invention.

An article of manufacture, such as a pre-recorded disk or other similar computer program product for use with a data processing system, could include a storage medium and program means recorded thereon for directing the data processing system to facilitate the practice of the method of the invention. Such apparatus and articles of manufacture also fall within the spirit and scope of the invention.

Referring initially to FIG. 1, a storage system 10 is shown. Storage system 10 can include a plurality of storage devices 12. In one embodiment, storage device 12 is a disk drive. Each storage device 12 is associated with a locking mechanism 14. Storage system 10 includes storage management controller 16. Storage management controller 16 includes security monitoring unit 18, data monitoring unit 20, and initialization unit 22.

Storage management controller 16 is responsible for controlling the insertion and removal of storage device 12. Security monitoring unit 18 is responsible for recognizing an attempt to insert or remove a storage device 12 from storage system 10.

Storage system 10 includes storage device slots 23, where each storage device slot 23 houses one storage device 12. In the exemplary embodiment, storage device 12 is a disk drive.

In an alternate embodiment, storage management controller 16 includes a failure and prediction unit. The failure and prediction unit determines the impact on storage system 10 if storage device 12 is removed. The failure and prediction unit prevents the removal of storage device 12 if it determines that the removal would have a negative impact on storage system 10, where negative impact includes imminent failure of hardware components or software within the storage system.

FIG. 2 is a flowchart illustrating a method 24 of attempting to insert storage device 12 into storage system 10. At block 26, method 24 begins.

At block 28, an attempt to insert storage device 12 into storage system 10 is recognized. The attempt is recognized by security monitoring unit 16.

At block 30, storage device 12 is locked into position. Storage device 12 is locked into position by locking mechanism 14. Locking mechanisms are associated with each of the storage device slots 23. Locking mechanism 14 is moved into position after storage device 12 has been inserted into storage device slot 23, to prevent removal of storage device 12. In the exemplary embodiment, locking mechanism 14 is automatically engaged upon the insertion of storage device 12.

At block 32, storage device 12 is initialized. Storage device 12 is not accessible for reading or writing until it has been initialized. In the exemplary embodiment, initializing the storage device comprises removing all existing data resident on storage device 12 and filling storage device 12 with a predetermined bit pattern. In an alternate embodiment, initializing storage device 12 includes resetting the state of storage device 12 to its initial factory value. In a further alternate embodiment, initializing storage device 12 includes populating storage device 12 with legitimate data currently stored in storage system 10. For example, if a storage device 12 is inserted to replace another storage device 12 in a RAID-5 array, its initialization would include rebuilding the appropriate data on the inserted storage device 12.

At block 34, storage device 12 is made available for reading and writing.

At block 36, method 24 ends.

FIG. 3 is a flowchart illustrating a method 38 of attempting to remove storage device 12 from storage system 10. At block 40, method 38 begins.

At block 42, an attempt to remove storage device 12 from storage system 10 is recognized.

At block 44, a determination is made as to whether permission to remove storage device 12 has been granted. If no, then at block 45 permission is denied. In one embodiment, a password is required before permission to remove storage device 12 is granted.

At block 48, a determination is made as to whether a copy of data contained within storage device 12 will remain in storage system 10, if storage device 12 is removed. If no, then at block 50 a copy of the data is made and stored within storage system 10. If yes, then at block 52, storage device 12 is initialized.

At block 54, locking mechanism 14 associated with storage device 12 is disengaged to allow for the removal of storage device 12.

At block 56, method 38 ends.

In an alternative embodiment, storage device 12 may not be removed unless the resulting degree of fault tolerance in storage system 10 remains the same.
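The insertion method of FIG. 2 (recognize, lock, initialize, make available) and the removal method of FIG. 3 (recognize, password check at block 44, in-system copy at block 50, wipe at block 52, unlock at block 54), together with the fault-tolerance rule of the alternative embodiment above, modelled as a small Python controller. This is an added illustration, not code from the patent or its assignee: the class and method names, the zero fill byte standing in for the "predetermined bit pattern", the RAID-5 single-parity layout used at block 48 to decide whether a copy of the device's data remains in the system, the password and the sample stripes are all assumptions or constructed data.

```python
"""Added model of controller 16 in FIGS. 1-3, not code from the patent. Names, the zero
fill byte, the single-parity layout, the password and the sample stripes are assumptions."""
from dataclasses import dataclass
from enum import Enum
from functools import reduce
from typing import Optional
import hashlib
import hmac

FILL_BYTE = 0x00  # assumed "predetermined bit pattern" (blocks 32 and 52)

class State(Enum):
    EMPTY = "empty"          # slot 23 holds no device
    LOCKED = "locked"        # block 30: inserted and locked, not yet initialized
    AVAILABLE = "available"  # block 34: initialized, readable and writable

class RemovalDenied(Exception):
    """Block 45 (no permission), or a removal that would lower fault tolerance."""

@dataclass
class Device:
    serial: str
    data: bytearray

@dataclass
class Slot:
    device: Optional[Device] = None
    state: State = State.EMPTY
    locked: bool = False     # locking mechanism 14

def xor_stripes(stripes):
    """RAID-5 style parity: XOR of equal-length stripes."""
    return bytearray(reduce(lambda a, b: bytes(x ^ y for x, y in zip(a, b)), stripes))

class StorageManagementController:
    """Controller 16 with security monitoring unit 18 and initialization unit 22."""

    def __init__(self, nslots, parity_count, removal_password):
        self.slots = [Slot() for _ in range(nslots)]
        self.parity_count = parity_count  # device losses a full array survives
        self._pw_hash = hashlib.sha256(removal_password.encode()).digest()
        self.retained_copies = {}         # block 50: copies kept inside the system
        self.events = []                  # unit 18: recognized insert/remove attempts

    def _available(self, exclude=None):
        return [s.device for i, s in enumerate(self.slots)
                if s.state is State.AVAILABLE and i != exclude]

    def fault_tolerance(self, exclude=None):
        # further device losses the array still survives (optionally without slot `exclude`)
        return max(0, self.parity_count - (len(self.slots) - len(self._available(exclude))))

    def insert(self, idx, device, rebuild=False):
        """FIG. 2, method 24."""
        slot = self.slots[idx]
        self.events.append(("insert", device.serial))                         # block 28
        slot.device, slot.locked, slot.state = device, True, State.LOCKED      # block 30
        device.data[:] = bytes([FILL_BYTE]) * len(device.data)                # block 32: wipe
        if rebuild and len(self._available()) == len(self.slots) - 1:          # block 32: rebuild
            device.data[:] = xor_stripes([d.data for d in self._available()])
        slot.state = State.AVAILABLE                                           # block 34

    def remove(self, idx, password, keep_fault_tolerance=False):
        """FIG. 3, method 38, plus the fault-tolerance embodiment."""
        slot, dev = self.slots[idx], self.slots[idx].device
        self.events.append(("remove", dev.serial))                             # block 42
        given = hashlib.sha256(password.encode()).digest()                     # block 44
        if not hmac.compare_digest(given, self._pw_hash):
            raise RemovalDenied("permission denied")                           # block 45
        if keep_fault_tolerance and self.fault_tolerance(idx) < self.fault_tolerance():
            raise RemovalDenied("removal would reduce fault tolerance")
        # block 48: with one parity device a copy remains iff every other device is present
        if len(self._available(idx)) < len(self.slots) - 1:
            self.retained_copies[dev.serial] = bytes(dev.data)                # block 50
        dev.data[:] = bytes([FILL_BYTE]) * len(dev.data)                       # block 52
        slot.device, slot.state, slot.locked = None, State.EMPTY, False        # block 54
        return dev

def demo():
    """Constructed scenario: 4-slot array, three data stripes plus one parity stripe."""
    ctrl = StorageManagementController(4, 1, "example-password")
    stripes = [bytearray(b"AAAAAAAA"), bytearray(b"BBBBBBBB"), bytearray(b"CCCCCCCC")]
    for i, s in enumerate(stripes + [xor_stripes(stripes)]):
        ctrl.insert(i, Device(f"D{i}", bytearray(b"\xff" * 8)))  # foreign data is wiped
        ctrl.slots[i].device.data[:] = s                          # block 34: now writable
    out = {"tolerance": ctrl.fault_tolerance(), "denied": []}
    for password, keep in (("wrong", False), ("example-password", True)):
        try:
            ctrl.remove(1, password, keep_fault_tolerance=keep)
        except RemovalDenied as e:
            out["denied"].append(str(e))
    out["pulled"] = bytes(ctrl.remove(1, "example-password").data)  # leaves the system wiped
    ctrl.insert(1, Device("D1b", bytearray(8)), rebuild=True)
    out["rebuilt"] = bytes(ctrl.slots[1].device.data)               # rebuilt from parity
    ctrl.remove(2, "example-password")                              # array now degraded
    ctrl.remove(0, "example-password")                              # no copy remains: block 50
    out["retained"] = ctrl.retained_copies.get("D0")
    return out

if __name__ == "__main__":
    print(demo())
```

Two points the model makes visible: a device never leaves the system holding readable data, because the locking mechanism keeps it in place until block 52 has overwritten it, and the password check uses a constant-time comparison so that the permission step of block 44 does not itself leak anything about the credential. The "copy remains" test at block 48 is where a real controller would consult its own redundancy metadata; the single-parity rule used here is the simplest stand-in.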

While the invention has been described using a disk drive as a sample data storage device, it should be apparent that the invention applies to other types of storage devices and to combinations of these devices. These devices include but are not limited to tapes, CDs, DVDs, flash memory, Smart Cards, etc. It should also be apparent that different mechanisms can be used to prevent a device from being removed from the system.

CLAIMS

1. A system for securing data within a storage system, comprising: at least one storage device; a security mechanism for recognizing an attempt to insert or remove the storage device; and a management unit to control the insertion and removal of the storage device.

2. The system of claim 1 wherein the management unit initializes the storage device after it has been inserted in the storage system, wherein the inserted storage device is not accessible for reading or writing until it has been initialized.

3. The system of claim 1 wherein the storage system contains slots for housing at least one storage device.

4. The system of claim 3 wherein the storage device is considered to be inserted into one of the slots contained in the storage system if the storage device can communicate with at least one other storage device in the storage system.

5. The system of claim 3 wherein each of the slots contains a locking mechanism that can be moved into position to prevent the removal of the storage device after it has been inserted into one of the slots.

6. The system of claim 1 wherein the management unit determines whether there is a copy of all data on the storage device within the storage system, and allows the storage device to be removed only if a copy of the data exists within the storage system and after the storage device has been reinitialized.

7. The system of claim 6 further comprises allowing the storage device to be removed from the storage system only if the resulting degree of fault tolerance in the storage system remains the same.

8. The system of claim 6 further includes a failure and prediction unit, wherein the failure and prediction unit recognizes the impact on the storage system upon removal of the storage device and prevents the removal of the data storage device from the storage system if it determines that the removal would have a negative impact on the storage system.

9. A computer program product comprising a computer usable medium including a computer readable program, wherein the computer readable program when executed on a computer causes the computer to: recognize an attempt to insert or remove a storage device from a computer system; and to control the insertion and removal of the storage device from the computer system.

10. The computer program product of claim 9 wherein controlling the insertion of the storage device comprises initializing the storage device before making it available for reading or writing.

11. The computer program product of claim 9 wherein the storage system contains slots for housing at least one storage device.

12. The computer program product of claim 11 wherein the storage device is considered to be inserted into one of the slots contained in the storage system if the storage device can communicate with at least one other storage device in the storage system.

13. The computer program product of claim 11 wherein each of the slots contains a locking mechanism that can be moved into position to prevent the removal of the storage device after it has been inserted into one of the slots.

14. The computer program product of claim 13 wherein the locking mechanism is automatically engaged upon the insertion of the storage device.

15. The computer program product of claim 13 wherein the storage device is available for reading and storing data only after it has been locked into the slot and it has been initialized.

16. The computer program product of claim 9 wherein the management unit determines whether there is a copy of all data on the storage device within the storage system, and allows the storage device to be removed only if a copy of the data exists within the storage system.

17. The computer program product of claim 16 further comprises reinitializing the storage device before allowing the storage device to be removed from the storage system.

18. The computer program product of claim 16 further comprises allowing the storage device to be removed from the storage system only if the resulting degree of fault tolerance in the storage system remains the same.

19. The computer program product of claim 16 further includes a failure and prediction unit, wherein the failure and prediction unit recognizes the impact on the storage system upon removal of the storage device, and prevents the removal of the data storage device from the storage system if it determines that the removal would have a negative impact on the storage system.

20. A method of deploying a data security system within a storage system, comprising: identifying all storage devices within a storage system; integrating a security mechanism into the storage system for recognizing an attempt to insert or remove the identified storage devices; and integrating a management unit into the storage system to control the insertion and removal of the identified storage devices.